`dissect.target.plugins.os.windows.services`¶

Module Contents¶

Classes¶

ServicesPlugin

Services plugin.

Attributes¶

`ServiceRecord`
`SERVICE_ENUMS`
`RE_PATH_SPLIT`
`RE_PATH_SPLIT_FALLBACK`

dissect.target.plugins.os.windows.services.ServiceRecord¶

dissect.target.plugins.os.windows.services.SERVICE_ENUMS¶

dissect.target.plugins.os.windows.services.RE_PATH_SPLIT¶

dissect.target.plugins.os.windows.services.RE_PATH_SPLIT_FALLBACK¶

class dissect.target.plugins.os.windows.services.ServicesPlugin(target: dissect.target.Target)¶

Bases: dissect.target.plugin.Plugin

Services plugin.

KEY = 'HKLM\\SYSTEM\\CurrentControlSet\\Services'¶

check_compatible() → None¶

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:: UnsupportedPluginError – If the plugin could not be loaded.

services() → Iterator[ServiceRecord]¶

Return information about all installed Windows services.

The HKLMSYSTEMCurrentControlSetServices registry key contains information about the installed services and drivers on the system.

References

https://artifacts-kb.readthedocs.io/en/latest/sources/windows/ServicesAndDrivers.html

Yields ServiceRecords with fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datatime): The last modified timestamp of the registry key.
name (string): The service name.
displayname (string): The service display name.
servicedll (path): The service dll.
imagepath (path): The service image path.
objectname (string): The object under which the service runs (for example LocalSystem)
start (string): The service start field.
type (string): The service type field.
errorcontrol (string): The service error control field.

dissect.target.plugins.os.windows.services¶

Module Contents¶

Classes¶

Attributes¶

`dissect.target.plugins.os.windows.services`¶